Slashdot Mirror
Speculation On Large-Scale Phone Location Snooping
An anonymous reader recommends a speculative blog entry by Chris Soghoian up on CNet. Soghoian makes a convincing case that the NSA could be using loopholes in the law to gather real-time location information on the mobile phones of millions of people. There is no hard evidence that this is happening, but the blog post sheds light on the dense undergrowth of companies populating the wireless space that could be easy pickings for a National Security Letter with a gag order attached. "While these household names of the telecom industry [AT&T, Verizon, and Sprint] almost certainly helped the government to illegally snoop on their customers, statements by a number of legal experts suggest that collaboration with the NSA may run far deeper into the wireless phone industry. With over 3,000 wireless companies operating in the United States, the majority of industry-aided snooping likely occurs under the radar, with the dirty work being handled by companies that most consumers have never heard of."
"with the dirty work being handled by companies that most consumers have never heard of."
That would be the NSC.
"Kill 'em all and let Root sort 'em out"
...is read your EULAs!!! This is why I don't own a cell phone. enough people have at least one, there is always one around if I need one.
... with the battery out, until I need it. I also keep a roll of aluminum foil with me in case I need to make a hat.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Well if they weren't before, they will now. Gee, thanks for giving them ideas.
Gag orders themselves are not legal:
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
I can think of no greater service the press performs than to inform the population of a pending trial/investigation.
The right to investigate the government's actions is reserved to the people. Period.
A government is a body of people notably ungoverned - AC
What would be the motivation for *real-time* tracking of millions of people? How many watchers do you need to watch a million people?
The things you could do with realtime location information. You could "watch" suspected terrorists converge on cities, landmarks and airports. Even if you didn't have a sense of "suspected terrorist", you could watch for connected graphs of individuals converging (cell phones are vertices, edges are calls between cell phones). There's all kinds of other information you could draw in to give a graph's threat level.
I hate human rights abuse. Technically speaking though, this is very interesting.
Wayne Industries?
the NSA could be using loopholes in the law
Why use loopholes when they don't have any qualms about outright breaking the law?
"What would be the motivation for *real-time* tracking of millions of people? "
Urban Planners would like to know.
I was recently hired by a company that works on classified information. Cell phones are not allowed, by DOD policy. The risk lies in the ability of [??] to remotely activate the phone and eavesdrop on the microphone. This wasn't a joke, several people believe the capability already exists.
Why is the sky blue?
As long as my wife doesn't know where I am then who cares about the government.
I'm absolutely against this sort of terrible thing, but, um... it is the kind of contract with more immunity to outsourcing.
This is my sig.
I once saw Batman do it
Every other day, I tie my cell phone to a well trained swallow (european - it's a small phone) and let it fly around with it all day. Worst case, it nests in the eaves of a meth lab, in which case I present the DEA with the swallow.
Some see the vessel as half full; others see it as half-empty; We pour it out on the floor and laugh
With the spotty performance of the GPS on my 3G iPhone, I don't need to worry about the NSA ever finding me!
blog |
If you can vote, please vote for Congresscritters and a President who explicitly endorse an end to this bullsh*t.
It is easy to keep a secret: tell no-one! Two people can only keep a secret if one or both of them are dead.
Sure, the NSA could try. Maybe even under a legal smoke-screen. The problem is the gag order wouldn't stick. Too many people would need to know, or see the traffic. Somebody, somewhere would leak. Lots of good, anonymous ways. And it is not as if they're comitting treason.
Besides, I don't think this would yield much. Anyone concerned with surveillence should have their cells turned off unless making a call or expecting incoming/gathering txts. More concerned invidividuals will use disposible phones.
Unfortunately, this is just one facet of a larger problem with no especially easy solution.
Trouble is, a lot of modern high-tech, networked systems generate huge amounts of potentially creepy data just in order to work. Your cellphone is useless if the network doesn't know what cell you are in, who you are calling, and what cell they are in. Nor does it work if the network doesn't know which handset and SIM are yours. Credit and debit cards only work because the system knows who to transfer money from and who to transfer it to. Hell, the internet isn't going to work all that well if systems between you and your destination don't have the information they need to deliver packets.
Now, none of this means that we should aggregate and make use of these data, indeed, I think we shouldn't. However, because all these data necessarily exist for the system to work, they are constantly just sitting there, yours for the collecting. That makes legislative or cultural safeguards extremely difficult to build, even under the best of circumstances(ours are not the best of circumstances).
Unfortunately, I don't know of any good way out. In some cases, it might be possible, with sufficient will, to build systems that don't generate so much compromising information(I hear very interesting things, for instance, about using clever crypto tricks for electronic currency). In others, that may not be possible. While you can, at a cost of latency and bandwidth, make tracking your activity on a network a nuisance(see tor), you would be hard pressed to defeat an opponent who can see the whole network, and you certainly can't match the efficiency of unobfuscated traffic.
Barring a more or less apocalyptic collapse of modernity, we are going to have a damn difficult time building technology that doesn't, just in order to work, know rather more about us than we would like. Nor will it be very practical to directly legislate against particular abuses, the tech changes too quickly, and a disconcerting proportion of legislators are thick as posts when it comes to technological issues.
If there is any hope at all, which I'm not sure that there is, it would be in doing what we can technologically(cryptographic cash + encrypting everything we can + avoiding potentially backdoored systems) along with encouraging a culture that rejects surveillance.
I was recently hired by a company that works on classified information. Cell phones are not allowed, by DOD policy. The risk lies in the ability of [??] to remotely activate the phone and eavesdrop on the microphone. This wasn't a joke, several people believe the capability already exists.
Having the cell phone remotely activated is the least of their concerns. They're more concerned about YOU activating it, or using it to store something.
I have a friend who works on classified stuff too (as does just about anyone who works in DC/Maryland.) They have a room that is for use of classified systems and materials.
Cell phones etc are kept outside because everything that goes in, stays in, so that it can't be used to bring something out. For example, he took a USB mouse in, and had to buy a new one to replace it- they wouldn't let the USB mouse out, because it could be used to hide stuff. Maybe it had been modified with memory, or opened up and something classified stuffed inside the case. Etc.
Please help metamoderate.
Another type of gag order was for a while used by courts to restrict the press from reporting certain facts regarding a trial. This gag order became more common after the Supreme Court's 1966 decision in Sheppard v. Maxwell, 384 U.S. 333, 86 S. Ct. 1507, 16 L. Ed. 2d 600, in which it reversed a criminal conviction on the grounds that Pretrial Publicity had unfairly prejudiced the jury against the defendant and denied him his Sixth Amendment right to a fair trial. However, in a 1976 decision, Nebraska Press Ass'n v. Stuart, 427 U.S. 539, 96 S. Ct. 2791, 49 L. Ed. 2d 683, the Court held that pretrial gag orders on the press are unconstitutional. It ruled that such orders represent an unconstitutional Prior Restraint and violate the First Amendment, which guarantees the Freedom of the Press. [legal-dictionary.thefreedictionary.com]
Now, what the NSA will do is issue a gag order as a "matter of national security". They can and will get away with it. Also, a gag order is very different when it is issued to contractors or employees.
Back in the day, upon finding a friend's phone unattended, I used to change their language to something unintelligible. These days, I leave the language alone and go straight for the GPS tracker setting. That's right, I opt my friends in for tracking by the government. Pretty funny!
305,063,243 Americans
talk 0.11 hours per day on the phone or 6.6 minutes on average per day or 2,409 minutes a year
or 734,897,352,387 total minutes a year
Using GSM cellphone audio compression technology of 5.6kbps or 336kbpm or 246,925,510,402,032 kb/year or
30,865,688,800,254 KB/year
or
30,142,274,219 MB/year
or
29,435,815 GB/year
or
28,746 TB/year
or
28 PB/year
and if you assume people mostly talk to other Americans you only need to record half of the conversions
or 14 PB/year
1TB drive currently costs about $200 or
$3 million dollars to store all the made calls in the US in a year plus overhead.
More like a general problem with the erosion of trust in societies. Think of how smoothly society would work if everyone trusted everyone else. Artists could release anything they wanted without fear. Consumers could enjoy anything they wanted in peace.
At this point, I think it's pretty clear that people need a secure way to perform key exchange with friends and have the keys stored and the conversations decrypted off of their mobile phone devices.
Why aren't such systems in the consumer space yet, and cheap?
It may have something to do with this.
I could be wrong though but what the hay.
>
The phone companies GIVE AWAY gobs of their best technical services for free to the NSA. One would think that if they can afford to do that they could give us kulaks better or cheaper or more effective and comprehensive service. I for one am mightily pissed off that I'm paying my horribly inefficient and service-lacking cell phone company to do this. To me this is a hidden tax.
https://81.143.55.50:58443
Now that Congress has demonstrated its enthusiasm for rewriting laws when telcos and the NSA violate them (along with the Constitution, like in the 4th Amendment), as it just did this Summer in the FISA, why should the NSA care about the law at all? Laws are for little people.
--
make install -not war
Your cellphone is useless if the network doesn't know what cell you are in, who you are calling, and what cell they are in. Nor does it work if the network doesn't know which handset and SIM are yours. Credit and debit cards only work because the system knows who to transfer money from and who to transfer it to. Hell, the internet isn't going to work all that well if systems between you and your destination don't have the information they need to deliver packets.
- it's called polling. Sure it's not as fast, but if the data is queued up somewhere that can be reached with a request and an identifier, then it should be possible to anonymize the original location (proxies and such.) It is possible to do but noone does it this way because it is not a primary concern (usually.)
You can't handle the truth.
The NSA is always trying to find some way of grabbing information from you.
Is there anything out there to scramble our whereabouts, encrypt our text messages or voice convos? It seems like we use our cell phones more and more, and encryption has been a lost idea with this newer technology
"That would be the NSC"
Or, the National Security Council. Or any of the many secret organizations of the government, that do what they want and don't worry about what voters would think
* GPS (It knows where you are)
* No way to remove battery (You can't turn it off)
* No multitasking/process monitoring without jailbreaking (You can't see what it's doing)
* No video capabilities (You can't record the police-- which is one of the few dangers to the state, these days.)
Interesting that a device so compelling in so many ways is crippled in such specific ways.
Oh, and of course... it's AT&T.
See, people like to think that nobody else knows about them. At least, when they don't want anybody to.
But the truth is that when you are in public, there's this horrible electromagnetic vibration generated by a large source (called the "sun") which generates EM radiation. Almost without exception, some of these EM rays will bounce off you and be detectable by other biological units that contain passive EM radiation sensors. (eyes)
Once so recorded by biological units, the information about your whereabouts is thereafter not private at all. Said biological unit might be your wife, who may or may not appreciate the red-head's hand that you are holding at the fancy restaurant you told her last week was "too expensive" for a Friday night date.
Get over it! The problem isn't the PRIVACY of your data but its TRANSPARENCY.
When your county's land ownership is a matter of record as a piece of paper at the county office (circa 1960) the fact that it's "public record" is no big deal, because there's a certain amount of privacy in the fact that, to find out who owns your house, somebody has to physically go to the county office, talk to the extremely overweight clerk (the one in the white sweater with breasts the size of small watermelons) in order to view the deed for your street address, and then write that down to know who you are.
But it's different when there's a website with your house ownership, phone number, social security number, and just about everything else known about you, available with a mouseclick or a google search. I just searched my home address, and found that google dutifully returned my name, and both of my home phone numbers. It took me another 2-3 minutes to search and get my SSN.
Privacy? Fat chance. And anything that uses the airwaves is, by definition, part of a public resource. You are no private with your cell phone, cellular card, or wifi card than you are with the sunlight and your wife.
Get used to it. Decide if it's worth it, and make up your mind.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
ThorpeGlen's vice president of global sales showed off the company's tools by mining a dataset of a single week's worth of call data from 50 million users in Indonesia, which it has crunched in order to try and discover small anti-social groups that only call each other.
Data mining can work, but it requires a lot of care and validation. This sounds like snake oil to me: people finding patterns in data, and then putting some interpretation on it.
Uh, e-mail _is_ private. Need a warrant to search it.
Hi there. This is Slashdot. A technical site.
As such, we here have a few requirements for readers. Such as, when we say "store and forward" in the context of email you are to understand that technically that content is stored anywhere, forwarded anywhere, all not under your control.
So instead of being some kind of suit who laws the laws bend rules of nature, why don't you put on that technical hat and realize that it doesn't matter what the law says - email has ZERO expectation of privacy on your part, unless you are encrypting the contents. Otherwise, it can and will be read by a lot more people than the federal government.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Warrants have been required in case law for GPS admissibility for some time now.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
I belong to a society that our members are often killed if the government or others find out. During our meetings we are bombed or shot at.
You may say you have no secrets but the membership in my group, at the moment isn't a secret, but I don't share it with everyone. Thankfully we don't have to be underground here in the US but the time is coming that we'll have to once again go underground.
I'm a Christian. We are not dangerous but often killed by oppressive people (Muslims), governments (China, Saudi Arabia, Iraq, Iran) and awful people (anti-Christians).
If you say I have nothing to fear, you are correct. At the moment. The Holocaust started with hate and the government.
From what I see on slashdot, there's enough hate for me to fear some of the posters gaining power.
You jest, but isn't it a little sad that one must be an amateur cryptographer to have some privacy?
Why? Why is that sad? That has been true, throughout all of history. The more people you interact with, the less privacy you have. The equation has remained the same time immemorial.
That's because Privacy at the levels some seem to think they are entitled to now, is incredibly hard and basically does not work without much diligence.
What we can all be happy with though is the fact that larger amount of interconnected data render us not invisible, but instead anonymous. Yes people CAN track your cell phone, along with tens of thousands and millions of people in the same city. Yes you are watched by a hundred hundred cameras on your way to work. But who cares, because NO ONE can sift through all that data unless they have a very specific purpose, and even then the data is so lossy the value in it is practically nil.
Just look at England, a camera network set up specifically basically to spy on the public. The fact that it has no impact on the crime it was meant to deter and punish means that even when you try to keep the data organized, there is so much that you will fail.
So smile for the camera, because chances are it's the only thing that will ever see you. You are not important enough to watch, and if you were no systems are really good enough to watch you all the time.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Honestly who really has conversations they care two figs about being listened in on, except perhaps teenage girls and boys.
You may be worried about the government listening but the simple fact is any network tech might just as well be listening in for fun - and that's just the reality of who networks, well, work.
Since no-one cares there is zero value in encrypting cell phone traffic because it would add to the cost of a phone to do so.
Buy an OpenMoko and knock yourself out.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The populace didnt think it was wrong either to letting the church or local govt know your religeons or history or gayness.
Then the psychos took over germany, had all the census data, and thought - wow theres a lot of scum around, lets purge.
The people rule, not the govt.
Liberty freedom are no1, not dicks in suits.
Have you seen the Bob Woodward stories from his new book about how 'Groundbreaking Covert Techniques' have significantly allowed the US to know every word the Prime Minister says and allows US to "locate target and kill" the bad guys. It certainly seems to be that they are doing this will cell phones. http://www.washingtonpost.com/wp-dyn/content/article/2008/09/04/AR2008090403160.html?hpid=topnews
Ages ago like in the 90s, when documentaries used to show all the fbi secrets, one showed how they used a relational map between criminals and friends, who knew who how often and for how long, this made a nice tidy pretty map, that could show hidden relationship layers or indirect 'friends'.
If facebook did this it would be amazing. Iam sure that old program has been expanded to every citizen and foreigner.
Liberty freedom are no1, not dicks in suits.
What about if say for example, video of you pooping every day was published on the internet from multiple angles? Or maybe you masturbating or having sex?
That information might not be a big deal if it was all released all the time for everybody, but when it's not an "opt-in" type of thing or if its done selectively, I think it could be quite embarrassing despite being natural, acceptable actions that are perfectly normal.
There are certain things that most humans just wish to NEVER have shared with anybody but their most intimately trusted partners, and some not even then.
The need for privacy is a product of evolution, and is seen in many species other than humans. Children can be seen harnessing these feelings as they mature, initially not seeing anything wrong with getting naked in public, but eventually hiding their private parts from even their parents. Many people are even embarrassed to get naked for a doctor. It makes you feel vulnerable, and nudity isn't the only thing that's private, and certainly not the only way we can feel vulnerable.
I'd rather be a slave to my evolutionary/instinctive needs than be a puppet/asset of a fascist/oppressive/overbearing government/corporation and their arbitrary and completely unnecessary rules and abuse of power.
Just because a few people are willing to give up privacy doesn't mean it's acceptable to force on everybody. A few people are willing to die for their country, but that doesn't mean we should let the government kill us all either.
Move all sig!
After watching batman, I am certain there is something of this nature out there already being used by gov. agencies such as the NSA. The fact that it was this same technique, they used to catch the mob and set up a sting operation which had 99% accuracy rate... I would say...be afraid....be very afraid.
Why is this kind of non-news blogspam being allowed on /.?
"Well, they could do it...." is only acceptable when there is some evidence that "they" are actually doing it.
After all, the author of the blog post could be a child rapists and murder, but there is no evidence he actual is.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
The principle that the airwaves are public and anyone can 'listen to' any transmission (or perhaps more correctly, 'look at' any part of the EM spectrum) is very useful.
IIRC, this principle has been the basis for throwing out laws that forbid the use of radar detectors, which are, of course, simply radio receivers tuned to a particular frequency.
These claims are often made by privacy advocates, but other sources have the opposite view.
However, even the EPIC acknowledge, that there was some contribution made by the CCTV surveillance: "Evidence from Europe, however, suggests that the benefits of CCTV are significantly overstated." They then skillfully juggle the facts: "While the average Londoner is estimated to have their picture recorded more than three hundred times a day, no single bomber has been caught," — omitting completely the case of the fairly high-profile recent case of German train-bombers. The EPIC-guys are not being entirely honest, and you should not be falling for it.
I don't think, a camera is any worse, than a policeman standing there watching. A society just can't afford so many policemen, so we resort to these cameras as productivity tools.
In Soviet Washington the swamp drains you.
You could use something like Tor. Hidden services work reasonably well, despite theirs and the other party's locations being unknown.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
I'm surprised that, given all the posts in response to this story, I haven't found any which have pointed out one simple fact.
Yes, GPS is a fixed feature in most mobile phones. HOWEVER -- it IS possible, in every phone I've ever come across, to configure it such that it will only report your location when you dial 911.
This link provides only one example. My own phone, a Motorola W385, has the setting under 'Phone Settings' and 'Location.' You simply change it from 'Location On' to '911 Only.'
It often amazes me how much hype is given to a simple subject with a simpler answer.
Bruce Lane, KC7GR,
Blue Feather Technologies
It was clear that some people are slaves to their paranoia, and that they'll let their own fear cause them to engage is ridiculous fear mongering.
"Oh my god! My buddy is a known criminal, and they...they... I can't believe this, those fucking fascist police actually had the gall to QUESTION PEOPLE WHO KNOW HIM! Can you believe that! Where is the ACLU when you need them!"
Uh, yeah, the, um, unmitigated horror?
I hope THAT clarifies a few things for you...
To quote LongNoi "QZTR was right and won't leave me alone because I called him a moron when I was wrong" FYS
You brouhjt up guilt by association, and I demonstrated why that assertion was vapid.
I didn't address the ridiculos bklackmail point because the idea that the police would engage in blackmail, which is so easily proven, seemed absurd to me.
So what you're saying is that the police would use your associations to blackmail you, which would require the police to leave a trail of evidence documenting their actitvities that could easily be used against them, and you somehow fail to see why that's ridiculous?
To quote LongNoi "QZTR was right and won't leave me alone because I called him a moron when I was wrong" FYS
But every contact and note and photo in your phone can probably be removed slowly, a few bytes at a time so as to not tip you off such as through faster-than-normal battery drainage. Each time your service light blinks could be when bytes move out of the phone. Your phone might be duplexing, and streaming your data bytes along with your voice.
Also, any time your phone is commanded off or forced to "update software" by your carrier, or when a web site crashes your phone... well, those are opportunities for data scraping. For all we know, the NSA and other agencies have a master overlay on the entire phone network and they simply allow data flow, where commonly we think they HAVE to request court-approved wiretap letters. And, even though the contents are multiplexed or scrambled for transport, most of the data is trivially reconstructable by intelligence communities.
But, look at it this way: if you're not breaking laws or if you're breaking trivial/irrelevant/old (still on the books because it's too expensive to remove the arcane of the laws), then the more the agencies know about you more mundane you'll be in the background. An occasional interest may perk up in the eyes/mind of specific analysts, but unless you're a Ludlum or Clancy budding to actually take down one or more nations and you're also a suspected spy, or a drug dealer or black market organs or commodities and other criminal types, what are people going to keep fretting over?
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Yes you are watched by a hundred hundred cameras on your way to work. But who cares, because NO ONE can sift through all that data unless they have a very specific purpose, and even then the data is so lossy the value in it is practically nil.
Sure, that's true for right now. But with storage media being so incredibly cheap most video, purchase history, and other data will probably be saved pretty much forever. It's only a matter of time before computer systems become significantly advanced to automatically scan through hundreds of thousands of hours of video, and compile it together with tens of thousands of other data sources and turn it into real privacy-invading reports on specific people.
Imagine in the year 2019 if your health insurance claims is denied because you've purchased too many twinkies and red meat steaks using your credit card (or shopper's "convenience" card) at the supermarket over the past 20 years. Imagine if you're fired from your job because a background check company's computers have found you on a traffic video chatting with a known criminal on a street corner 13 years ago.
Is this a news report or a trailer for a motion picture?
But with storage media being so incredibly cheap most video, purchase history, and other data will probably be saved pretty much forever
Why anyone familiar with modern computers would say that is a mystery to me. It is an effort of herculean proportions to truly save anything forever on digital media, rather than have it disintegrate forever. You can make infinite copies, but that supposes you care enough to do so, or to examine the copies for signs they have not been muddled in the transfer, and that you keep multiple copies where you can find them later.
The flood of data makes it less likely any particular bit of random data or video will successfully be stored for any length of time.
Imagine in the year 2019 if your health insurance claims is denied because you've purchased too many twinkies and red meat steaks using your credit card (or shopper's "convenience" card) at the supermarket over the past 20 years.
How I would welcome a world where peoples actions actually had impact on their lives. Sadly I do not think that world is where we are headed.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Maybe I missed something in the article, but why would the government want to track our every move?
Work smarter, not harder, with gps tracking